Along with the constant development of web technologies, the WEB, as a universally applicable platform, has come to carry an increasing number of core services of various organizations, e.g., electronic government affairs, electronic commerce, value-added services of operators, etc. Consequently, there are an increasing number of increasingly intensive attacks on the various services of WEB applications. Taking the tampering of website information as an example, illegal code is loaded into the information of a website to maliciously tamper with the information published by the website, so that the website may suffer a loss of credibility, an economic loss and even adverse political consequences.
Traditional security apparatus (e.g., a firewall, an intrusion prevention system) can address the security issues of WEB applications only to a limited extent, because on one hand traditional web firewall software has bugs which tend to become a window for attack, and on the other hand the traditional web firewall cannot offer real-time monitoring and consequently may generate its protection strategy with a delay.
In view of this, web security providers have proposed the Web Application Firewall (WAF) for protection of a WEB site as web technologies have developed. Unfortunately, the security protection solution adopted by existing WAFs is typically to configure security strategies for various WEB application threats (e.g., SQL injection, anti-hotlinking) for the purpose of protection. However, the occurrence of each WEB application threat is closely correlated with the bugs present in the WEB site, which in turn are closely correlated with the service logic of the WEB site. Taking an SQL injection threat as an example: for an SQL operation in a service A, a relevant parameter a may be set as required by the service, and the parameter a needs to satisfy some rule, for example that the parameter a cannot include a special character, since otherwise it may be utilized by an attacker to mount an SQL attack, so this rule needs to be set in the WAF for protection; whereas the parameter a is not required by a service B, so there is no need for that protection there. In other words, the existing WAF cannot comprehensively configure the WEB site with an individualized protection strategy.
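The contrast drawn above, between a site-wide rule on parameter a and one bound to the service whose logic actually needs it, as an added illustration that is not part of the original text: the service paths, the parameter name "a", the alphanumeric pattern and the request values are all constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ParamRule:
    """One WAF rule bound to a single service path and a single parameter."""
    service: str   # service the rule applies to, e.g. "/serviceA" (constructed)
    param: str     # request parameter the rule constrains
    pattern: str   # regex the parameter value must fully match

    def allows(self, value: str) -> bool:
        return re.fullmatch(self.pattern, value) is not None


class ServiceScopedWAF:
    """Applies each rule only to the service and parameter it was written for."""
    def __init__(self, rules):
        self.rules = list(rules)

    def check(self, service: str, params: dict) -> list:
        violations = []
        for rule in self.rules:
            if rule.service != service or rule.param not in params:
                continue          # rule is not about this service or parameter
            if not rule.allows(params[rule.param]):
                violations.append(f"{service}:{rule.param}")
        return violations


class BlanketWAF:
    """Site-wide rule: the same constraint wherever a parameter of that name appears."""
    def __init__(self, param: str, pattern: str):
        self.param, self.pattern = param, pattern

    def check(self, service: str, params: dict) -> list:
        if self.param in params and re.fullmatch(self.pattern, params[self.param]) is None:
            return [f"{service}:{self.param}"]
        return []


# Service A feeds parameter "a" into an SQL operation, so it must be plain alphanumerics.
# Service B also has a field named "a", but uses it as free text, not in SQL.
ALNUM = r"[A-Za-z0-9_]{1,32}"
SCOPED = ServiceScopedWAF([ParamRule("/serviceA", "a", ALNUM)])
BLANKET = BlanketWAF("a", ALNUM)


def compare(service: str, params: dict) -> dict:
    """Return the violations each WAF style reports for one request (constructed input)."""
    return {"scoped": SCOPED.check(service, params), "blanket": BLANKET.check(service, params)}
```

A value with a quote character sent to service A is rejected by both styles, but the same character in service B's free-text field is a false positive only under the blanket rule, which is the individualized-strategy gap described above.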